Namecheap Data Breach: Hackers Leveraged DHL And MetaMask In Their Phishing Attacks

Hackers breached Namecheap’s email system two weeks ago, resulting in a large number of phishing emails using MetaMask and DHL as bait. The emails aimed to trick subscribers into revealing their personal information and cryptocurrency wallets.

Namecheap is a company that provides IT services and hosts domains for websites around the world. In simpler terms, a domain hosting service is a service or company that keeps your website up and running on the internet.

Namecheap notified its customers that its email system had been hacked and informed them about the ongoing phishing campaign.

Hackers started sending fake emails around 4:30 PM EST. They sent these emails using SendGrid, which is a platform that Namecheap has used in the past to send messages about renewals and promotions.

People who received suspicious emails started talking about it on Twitter. Richard Kirkendall, the CEO of Namecheap, said that the company’s account had been compromised. As a result, they swiftly disabled the ability to send emails using SendGrid while they investigated what happened. They later removed the tweet in which they confirmed this.

Kirkendall said that the report from CloudSek in December might have something to do with the hack. The report revealed that some mobile apps were leaking the API keys of Mailgun, MailChimp, and SendGrid.

Phishing Campaign using DHL/MetaMask

Scammers have been using sneaky tactics to trick people into giving away their personal information. They’ve been sending phishing emails as part of their scheme, pretending to be either DHL or MetaMask. To make it seem more legitimate, the fake DHL emails even included shipping invoices that needed to be paid to receive the package.

Unfortunately, these emails were a trap. The links inside them took unsuspecting victims to a fake website where the scammers tried to steal their private data.

An email that appears to be from MetaMask has been identified as a phishing scam. The email falsely claims that wallet suspension could occur if a “Know Your Customer” verification is not performed.

Victims received emails that appeared to be from Namecheap promoting something. But when they clicked on the link in the email, it took them to a fake MetaMask website that was trying to steal their personal information. The webpage requested the user’s private key or secret combination.

Fake MetaMask page (BleepingComputer)

The company said that they didn’t have any security breaches on their internal systems and that their customers’ information wasn’t affected.

According to a blog post by Namecheap:

We have evidence that the upstream system we use for sending emails (third party) is involved in the mailing of unsolicited emails to our clients. As a result, some unauthorised emails might have been received by you. We would like to assure you that Namecheap’s own systems were not breached, and your products, accounts, and personal information remain secure.

After the phishing incident, Namecheap took serious actions to secure their system. They stopped sending out all kinds of emails, including those containing two-factor authentication codes, trusted device verifications, and password reset links.

They also started looking into the incident with their provider to find out what happened and how they can prevent it from happening again in the future.

Customers have been warned by MetaMask not to reply to communications involving user wallets.

MetaMask said in a tweet:

MetaMask does not collect KYC info and will never email you about your account. Do not enter your Secret Recovery Phrase on a website ever. If you got an email today from MetaMask or Namecheap or anyone else like this, ignore it and do not click its links.

Mailchimp had a data breach in January because someone tricked one of their employees into giving away information through social engineering. After the security breach on the platform, the people who use it were given an alert that they might receive phishing emails. The bad guys managed to steal customer names and email addresses, so the company wanted to make sure that everyone was aware of the situation and could take precautions to protect themselves.

Phishing Tackle offers a free 14-day trial to help train your users to avoid these types of attacks and test their knowledge with simulated attacks using various attack vectors. By focusing on training your users to spot these types of attacks, rather than relying solely on technology (none of which can spot 100% of phishing emails), you can ensure that your organisation is better prepared to defend against cyber threats and minimise the impact of any successful attacks.
